Telecom/xtra DNS Questions
![](https://secure.gravatar.com/avatar/ca34d7c4ed4ec4fa0db4de153214f5e7.jpg?s=120&d=mm&r=g)
Inspired by the open nature of Patrick Gilmore's (Akamai) post and having been asked by more than a few people now if we can answer questions about the telecom/xtra DNS servers. I have been answering questions as they present themselves for a while now but I never formally said I would answer questions as they arose or openly invited questions about this. In the same vein as the Akamai thread if there is anything I can't talk about I will say so, however I will answer what I can honestly and openly. There maybe a delay in some answers if I need to get clarification on our position, I expect some question could be contentious. So if you have a question please feel free to ask it. Regards Paul Tinson Senior Specialist
![](https://secure.gravatar.com/avatar/f4bf13e5b2c22bf20c3911677369008e.jpg?s=120&d=mm&r=g)
Hi Paul, Does Telecom plan to turn on DNSSEC validation with a root trust anchor on any/all of its customer-facing resolvers, or at least begin testing with the goal of doing so? Anybody else? Just curious :-) Joe On 2010-07-21, at 23:59, Paul Tinson wrote:
Inspired by the open nature of Patrick Gilmore's (Akamai) post and having been asked by more than a few people now if we can answer questions about the telecom/xtra DNS servers. I have been answering questions as they present themselves for a while now but I never formally said I would answer questions as they arose or openly invited questions about this.
In the same vein as the Akamai thread if there is anything I can't talk about I will say so, however I will answer what I can honestly and openly. There maybe a delay in some answers if I need to get clarification on our position, I expect some question could be contentious.
So if you have a question please feel free to ask it.
Regards
Paul Tinson Senior Specialist _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
![](https://secure.gravatar.com/avatar/ca34d7c4ed4ec4fa0db4de153214f5e7.jpg?s=120&d=mm&r=g)
Hi Joe, I am currently writing a discussion doc about this very thing for Telecom, making the system work with as small an impact on our current operational teams is the goal that we have. We are getting set to test it; I am just waiting for the next release of our resolver software before I plunge down that path. I would be interested to hear if anyone else is considering this and what value they place on it at an organization level. Typically this sort of thing isn't a key driver at layer 8 so the value to the organisation in having it done needs to be explained. Regards Paul Tinson Senior Specialist -----Original Message----- From: Joe Abley [mailto:jabley(a)hopcount.ca] Sent: Friday, 23 July 2010 3:36 p.m. To: Paul Tinson Cc: NZNOG List Subject: Re: [nznog] Telecom/xtra DNS Questions Hi Paul, Does Telecom plan to turn on DNSSEC validation with a root trust anchor on any/all of its customer-facing resolvers, or at least begin testing with the goal of doing so? Anybody else? Just curious :-) Joe On 2010-07-21, at 23:59, Paul Tinson wrote:
Inspired by the open nature of Patrick Gilmore's (Akamai) post and having been asked by more than a few people now if we can answer questions about the telecom/xtra DNS servers. I have been answering questions as they present themselves for a while now but I never formally said I would answer questions as they arose or openly invited questions about this.
In the same vein as the Akamai thread if there is anything I can't talk about I will say so, however I will answer what I can honestly and openly. There maybe a delay in some answers if I need to get clarification on our position, I expect some question could be contentious.
So if you have a question please feel free to ask it.
Regards
Paul Tinson Senior Specialist _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
![](https://secure.gravatar.com/avatar/f4bf13e5b2c22bf20c3911677369008e.jpg?s=120&d=mm&r=g)
Hi Paul, On 2010-07-25, at 23:31, Paul Tinson wrote:
Typically this sort of thing isn't a key driver at layer 8 so the value to the organisation in having it done needs to be explained.
Sounds highly plausible, although there are counter-examples where layer-8 is where the driving starts (e.g. in response to whatever Dan Kaminsky's findings have morphed into by the time they reach the 11th floor). How have you explained it to management at Telecom? That seems like a useful thing to share. Joe
![](https://secure.gravatar.com/avatar/ca34d7c4ed4ec4fa0db4de153214f5e7.jpg?s=120&d=mm&r=g)
Hi Joe,
Sounds highly plausible, although there are counter-examples where layer-8 is where the driving starts (e.g. in response to whatever Dan Kaminsky's findings have morphed into by the time they reach the 11th floor).
Usually by the time something reaches the top floor it has had several iterations of engineers review it and then someone who can speak translate geek into English so it's something understandable for the non engineer. At least that is my experience, and not trying to be disparaging of engineers or management...
How have you explained it to management at Telecom? That seems like a useful thing to share.
I haven't yet, that is what my discussion document is going to try and do. Once it's finished I will ask if it is something we can share in a public forum. It may need to be sanitised for public consumption of course. I think it would be useful to share as well, so if any other's watching the list have been through this and can share, that would be useful from my point of view. Regards Paul Tinson Senior Specialist -----Original Message----- From: Joe Abley [mailto:jabley(a)hopcount.ca] Sent: Tuesday, 27 July 2010 3:22 a.m. To: Paul Tinson Cc: NZNOG List Subject: Re: [nznog] Telecom/xtra DNS Questions Hi Paul, On 2010-07-25, at 23:31, Paul Tinson wrote:
Typically this sort of thing isn't a key driver at layer 8 so the value to the organisation in having it done needs to be explained.
Sounds highly plausible, although there are counter-examples where layer-8 is where the driving starts (e.g. in response to whatever Dan Kaminsky's findings have morphed into by the time they reach the 11th floor). How have you explained it to management at Telecom? That seems like a useful thing to share. Joe
participants (2)
-
Joe Abley
-
Paul Tinson